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EXAMINER'S AMENDMENT 

1. An examiner's amendment to tine record appears below. Sliould tine clianges 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with applicant assigned representative Mr. Berkowitz, Registration Number 36,743 on 
July 27^ 2010. 

2. Claims 1 , 3-7, 1 0-1 2, 1 7,21 -22, 24-33,37-40 and 43-47 are allowed. 
The application has been amended as follows: 

Claim 1. (Previously Presented) A method for addressing packets in a 
firewall cluster within a single network, the firewall cluster including a plurality of firewall 
nodes comprising one or more processing units, the method comprising: 

selecting, from the firewall cluster within the single network, a first firewall node 
for processing a first packet, the first firewall node being assigned to a first node 
number; 

receiving, at a first processing unit associated with the first firewall node, the first 
packet; 
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modifying, by the first processing unit, a first address of the first packet into a first 
modified address such that a quadrant identifier determined using a hash function and 
modulo division from the first modified address corresponds to the first node number 
assigned only to the first firewall node; 

selecting, from the firewall cluster within the single network, a second firewall 
node for processing a second packet, the second firewall node being assigned to a 
second node number; 

receiving, at a second processing unit associated with the second firewall node, 
the second packet, the second processing unit being different than the first processing 
unit; 

modifying, by the second processing unit, a second address of the second 
packet into a second modified address such that a quadrant identifier determined using 
a hash function and modulo division from the second modified address corresponds to 
the second node number assigned only to the second firewall node, wherein the second 
modified address of the second packet does not conflict with the first modified address 
of the first packet; 

forwarding the first packet based on the first modified address; and 
forwarding the second packet based on the second modified address. 

Claim 2. (Cancelled). 



Claim 3. 



(Previously Presented) The method of claim 1, further comprising: 



Application/Control Number: 10/712,396 Page 4 

Art Unit: 2451 

assigning to the first firewall node a first region based on a N-tuple space. 

Claim 4. (Previously Presented) The method of claim 3, further comprising: 
using the first address of the first packet, such that the first address represents a 
point within the first region. 

Claim 5. (Original) The method of claim 4, further comprising: 
using N address values as the N-tuple, such that the N address values represent 
the point. 

Claim 6. (Previously Presented) The method of claim 1 , further comprising: 
using a N-tuple space, such that N is equal to a value of at least two. 

Claim 7. (Previously Presented) The method of claim 3, further comprising: 
assigning to the second firewall node a second region based on the N-tuple 
space, such that the first region is separate from the second region. 

Claim 8. (Cancelled). 



Claim 9. (Cancelled). 
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Claim 10. (Previously Presented) A method for addressing packets 
associated with a plurality of processing units, each processing unit being associated 
with one of a plurality of firewall nodes in a firewall cluster within a single network, the 
method comprising: 

selecting, from the firewall cluster within the single network, one of the firewall 
nodes for processing a packet, the selected firewall node including a first processing 
unit; 

receiving, at the first processing unit, the packet; 

reading, at the first processing unit, an N-tuple address of the received packet; 

determining, by the first processing unit, whether the N-tuple address of the 
received packet is within an N-tuple space assigned to the first processing unit based 
on a quadrant identifier and a firewall node number corresponding to the N-tuple space 
assigned to the first processing unit, wherein an N-tuple space assigned to each of the 
plurality of processing units is different, and wherein the quadrant identifier is 
determined from the N-tuple address using a hash function and modulo division; 

sending the packet with the N-tuple address, when it is determined that the N- 
tuple address is within the N-tuple space assigned to the first processing unit; 

determining, when the N-tuple address of the received packet is not within the 
N-tuple space assigned to the first processing unit, a modified N-tuple address based 
on the N-tuple space assigned to the first processing unit, such that the modified 
N-tuple address does not conflict with addresses assigned by any of the other plurality 
of processing units; and 
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sending the packet based on the modified N-tupie address. 

Claim 1 1 . (Original) The method of claim 10, wherein the reading step further 
comprises: 

reading as the N-tuple address, a plurality of values from the received packet. 
Claim 12. (Original) The method of claim 1 1 , wherein the reading step further 
comprises: 

reading at least a source port. 

Claim 13.-16. (Cancelled). 

Claim 17. (Previously Presented) The method of claim 10, wherein the step 
of determining the modified N-tuple further comprises: 

adding a value to the N-tuple address, such that the modified N-tuple address is 
within the N-tuple space assigned to the first processing unit. 

Claim 18. - 20. (Cancelled). 

Claim 21 . (Previously Presented) The method of claim 10, further comprising: 
using a computer as the first processing unit. 



Claim 22. 



(Previously Presented) The method of claim 10, further comprising: 
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using a router as the first processing unit. 
Claim 23. (Cancelled). 

Claim 24. (Previously Presented) A method of addressing packets in a 
firewall cluster within a single network, wherein the firewall cluster comprises a set of 
processing units, each processing unit being associated with a firewall node, the 
method comprising: 

selecting, from the firewall cluster within the single network, one of the firewall 
nodes for processing a packet, the selected firewall node including a first processing 
unit; 

receiving, at the first processing unit, the packet; 

reading, at the first processing unit, an N-tuple address of the received packet; 

determining a quadrant identifier based on the read N-tuple address, a hash 
function, and modulo division; 

determining whether the read N-tuple address corresponds to the first processing 
unit based on the quadrant identifier; 

sending the packet with the N-tuple address, when the quadrant identifier 
corresponds to the first processing unit; [[and]] 

determining, when the quadrant identifier does not correspond to the first 
processing unit, a modified N-tuple address that corresponds to the first processing unit. 
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such that the modified N-tuple address does not conflict with addresses assigned by 
any of the other processing units; and 

sending the packet based on the modified N-tuple address. 

Claim 25. (Previously Presented) The method of claim 24, further comprising: 
assigning each of the set of processing units a firewall node number. 

Claim 26. (Previously Presented) The method of claim 25, further comprising: 
determining whether the N-tuple address corresponds to the first processing unit 
based on the quadrant identifier and the firewall node number. 

Claim 27. (Currently Amended) A system for addressing packets in a firewall 
cluster within a single network, the firewall cluster including a plurality of firewall nodes, 
the system comprising: 

a memory: and 

a processor configured to: 

select [[ m e ans for s e l e cting]] , from the firewall cluster within the single 

network, a first firewall node for processing a first packet, the first firewall node 

being assigned to a first node number; 

receive [[ moano for roco i v i ng]], at a first processing unit associated with 

the first firewall node, the first packet; 
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modify [[ m e ans for mod i fy i ng]] a first address of tlie first packet into a first 
modified address such that a quadrant identifier determined using a hash 
function and modulo division from the first modified address corresponds to the 
first node number assigned only to the first firewall node; 

select [[ m e ans for s ele ct i ng]], from the firewall cluster within the single 
network, a second firewall node for processing a second packet, the second 
firewall node being assigned to a second node number; 

receive [[ moons for roco i v i ng,]] at a second processing unit associated 
with the second firewall node, the second packet, the second processing unit 
being different than the first processing unit; 

modify [[ moans for mod i fy i ng]] a second address of the second packet into 
a second modified address such that a quadrant identifier determined using a 
hash function and modulo division from the second modified address 
corresponds to the second node number assigned only to the second firewall 
node, wherein the second modified address of the second packet does not 
conflict with the first modified address of the first packet; 

forward [[ m e ans for fonA^ard i ng]] the first packet based on the first modified 
address; and 

forward [[ m e ans for forward i ng]] the second packet based on the second 
modified address. 
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Claim 28. (Currently Amended) A system for addressing packets associated 
with one or more processing units, each processing unit being associated with a firewall 
node in a firewall cluster within a single network, the system comprising: 
a memory: and 
a processor configured to: 

select [[ moono for oo l oct i ng]] , from the firewall cluster within the single 
network, one of the firewall nodes for processing a packet, the selected firewall 
node including a first processing unit; 

receive [[ m e ons for r e c ei v i ng]] , at the first processing unit, the packet; 

read [[ moono for read i ng]] , at the first processing unit, an N-tuple address 
of the received packet; 

determine [[ moans for dotorm i n i ng]] whether the N-tuple address of the 
received packet is within an N-tuple space assigned to the first processing unit 
based on a quadrant identifier and a firewall node number corresponding to the 
N-tuple space assigned to the first processing unit, wherein the N-tuple space 
assigned to each of the processing units is different, and wherein the quadrant 
identifier is determined from the N-tuple address using a hash function and 
modulo division; 

send [[ m e ans for s e nd i ng]] the packet with the N-tuple address, when it is 
determined that the N-tuple address is within an N-tuple space assigned to the 
first processing unit; 
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determine [[ m e ans for d e t e rm i ning]] , when the N-tuple address of the 
received pacl^et is not within the N-tuple space assigned to the first processing 
unit, a modified N-tuple address based on the N-tuple space assigned to the first 
processing unit, such that the modified N-tuple address does not conflict with 
addresses assigned by any of the other processing units; and 

send [ [moono for oond i ng]] the packet based on the modified N-tuple 
address. 



Claim 29. (Currently Amended) A firewall cluster within a single network 
Including firewall nodes associated with processing units, comprising: 
a memory: and 
a processor configured to: 

select [[ m e ans for s ele cting]] , from the firewall cluster within the single network, 
one of the firewall nodes for processing a packet, the selected firewall node Including a 
first processing unit; 

receive [[ moans for roco i v i ng]] , at the first processing unit, the packet; 

read [[ means for r e ad i ng]] , at the first processing unit, an N-tuple address of the 
received packet; 

determine [[ m e ans for d e t e rm i n i ng]] a quadrant identifier based on the read N- 
tuple address, a hash function, and modulo division; 

determine [[ means for d e t e rm i n i ng]] whether the read N-tuple address 
corresponds to the first processing unit based on the quadrant identifier; 
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send [ [m e ans for s e nd i ng]] the packet witli tlie N-tuple address, when the 
quadrant identifier corresponds to the first processing unit; 

determine [[ m e ans for d e t e rm i n i ng]] , when the quadrant identifier does not 
correspond to the first processing unit, a modified N-tuple address that corresponds to 
the first processing unit, such that the modified N-tuple address does not conflict with 
addresses assigned by any of the other processing units; and 

send [[ moans for send i ng]] the packet based on the modified N-tuple address. 



Claim 30. (Previously Presented) A system including a firewall cluster within 
a single network including a plurality of firewall nodes, the firewall nodes being 
associated with one or more processing units, said system comprising: 
at least one memory comprising: 

code that selects, from the firewall cluster within the single network, 
a first firewall node for processing a first packet, the first firewall node including a 
first processing unit, the first firewall node being assigned to a first node number; 

code that receives, at the first processing unit, the first packet; 

code that modifies a first address of the first packet into a first 
modified address such that a quadrant identifier determined using a hash 
function and modulo division from the first modified address corresponds to the 
first node number assigned only to the first firewall node; 

code that selects, from the firewall cluster within the single network, 
a second firewall node for processing a second packet; the second firewall node 
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including a second processing unit, tine second firewall node being assigned to a 
second node number; 

code that receives, at the second processing unit, the second 
packet, the second processing unit being different than the first processing unit; 

code that modifies a second address of the second packet into a 
second modified address such that a quadrant identifier determined using a hash 
function and modulo division from the second modified address corresponds to 
the second node number assigned only to the second firewall node, wherein the 
second modified address of the second packet does not conflict with the first 
modified address of the first packet; 

code that forwards the first packet based on the first modified 

address; and 

code that forwards the second packet based on the second 
modified address; and 

at least one processing unit for executing the code. 



Claim 31. (Previously Presented) A system including a firewall cluster within 
a single network including a plurality of firewall nodes, the firewall nodes being 
associated with processing units, the system comprising: 
at least one memory comprising: 
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code that selects, from the firewall cluster within the single network, 
one of the firewall nodes for processing a packet, the selected firewall node 
including a first processing unit; 

code that receives, at the first processing unit, the packet; 

code that reads, at the first processing unit, an N-tuple address of 
the received packet; 

code that determines whether the N-tuple address of the received 
packet is within an N-tuple space assigned to the first processing unit based on a 
quadrant Identifier and a firewall node number corresponding to the N-tuple 
space assigned to the first processing unit, wherein an N-tuple space assigned to 
each of the processing units is different, and wherein the quadrant identifier is 
determined from the N-tuple address using a hash function and modulo division; 

code that sends the packet with the N-tuple address, when it is 
determined that the N-tuple address is within the N-tuple space assigned to the 
first processing unit; 

code that determines, when the N-tuple address of the received 
packet is not within the N-tuple space assigned to the first processing unit, a 
modified N-tuple address based on the N-tuple space assigned to the first 
processing unit, such that the modified N-tuple address does not conflict with 
addresses assigned by any of the other processing units; and 

code that sends the packet based on the modified N-tuple address; 

and 
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at least one processing unit for executing tlie code. 

Claim 32. (Original) The system of claim 31, wherein code that reads further 
comprises: 

code that reads as the N-tuple address, a plurality of values from the received 
packet. 

Claim 33. (Original) The system of claim 32, wherein code that reads the 

plurality of values further comprises: 

code that reads at least a source port. 

Claim 34. - 36. (Cancelled). 

Claim 37. (Previously Presented) A firewall cluster including a plurality of 
firewall nodes within a single network, the firewall nodes being associated with 
processing units, the firewall cluster comprising: 
at least one memory comprising 

code that selects, from the firewall cluster within the single network, 
one of the firewall nodes for processing a packet, the selected firewall node 
including a first processing unit; 

code that receives, at the first processing unit, the packet; 
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code that reads, at the first processing unit, an N-tuple address of 
the received packet; 

code that determines a quadrant identifier based on the read 
N-tuple address, a hash function, and modulo division; 

code that determines whether the read N-tuple address 
corresponds to the first processing unit based on the quadrant identifier; 

code that sends the packet with the N-tuple address, when the 
quadrant identifier corresponds to the first processing unit; 

code that determines, when the quadrant Identifier does not 
corresponds to the first processing unit, a modified N-tuple address that 
corresponds to the first processing unit, such that the modified N-tuple address 
does not conflict with addresses assigned by any of the other processing units; 
and 

code that sends the packet based on the modified N-tuple address; 

and 

at least one processing unit for executing the code. 



Claim 38. (Currently Amended) A non-transitory computer-readable storage 
medium comprising instructions which, when executed by a processing unit, perform a 
method for addressing packets in a firewall cluster within a single network, the firewall 
cluster including a plurality of firewall nodes, the method including: 
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selecting, from tlie firewall cluster within the single network, one of the firewall 
nodes for processing a packet, the selected firewall node being associated with a first 
processing unit; 

receiving, at the first processing unit, the packet; 

reading, at the first processing unit, an N-tuple address of the received packet; 

determining whether the N-tuple address of the received packet is within an N- 
tuple space assigned to the first processing unit based on a quadrant identifier and a 
firewall node number corresponding to the N-tuple space assigned to the first 
processing unit, wherein an N-tuple space assigned to each of the processing units is 
different, and wherein the quadrant identifier is determined from the N-tuple address 
using a hash function and modulo division; 

sending the packet with the N-tuple address, when it is determined that the 
N-tuple address is within the N-tuple space assigned to the first processing unit; and 

determining, when it is determined that the N-tuple address of the received 
packet is not within the N-tuple space assigned to the first processing unit, a modified 
N-tuple address based on the N-tuple space assigned to the first processing unit, such 
that the modified N-tuple address does not conflict with addresses assigned by any of 
the other processing units; and 

sending the packet based on the modified N-tuple address. 



Claim 39. (Currently Amended) The non-transitory computer-readable 
storage medium of claim 38, wherein reading further comprises: 
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reading as the N-tuple address, a plurality of values from the received packet. 

Claim 40. (Currently Amended) The non-transitory computer-readable 
storage medium of claim 39, wherein reading the plurality of values further comprises: 
reading at least a source port. 

Claim 41 . - 43. (Cancelled). 

Claim 44. (Currently Amended) A non-transitory computer-readable storage 
medium comprising instructions which, when executed by a processing unit, perform a 
method for addressing packets in a firewall cluster within a single network, the firewall 
cluster including a plurality of firewall nodes, the method including: 

selecting, from the firewall cluster within the single network, one of the firewall 
nodes for processing a packet, the selected firewall node including a first processing 
unit; 

receiving, at the first processing unit, the packet; 

reading, at the first processing unit, an N-tuple address of the received packet; 

determining a quadrant identifier based on the read N-tuple address, a hash 
function, and modulo division; 

determining whether the read N-tuple address corresponds to the first processing 
unit based on the quadrant identifier; 
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sending the pacl<et witli tine N-tuple address, when the quadrant identifier 
corresponds to the first processing unit; 

determining, when the quadrant identifier does not corresponds to the first 
processing unit, a modified N-tuple address that corresponds to the first processing unit, 
such that the modified N-tuple address does not conflict with addresses assigned by 
any of the other processing units; and 

sending the packet based on the modified N-tuple address. 

Claim 45. (Currently Amended) A non-transitory computer-readable storage 
medium comprising instructions which, when executed by a processing unit, perform a 
method for addressing packets in a firewall cluster within a single network, the firewall 
cluster including a plurality of firewall nodes comprising one or more processing units, 
the method including: 

selecting, from the firewall cluster within the single network, one of the firewall 
nodes within the single network for processing a first packet, the selected firewall node 
being associated with a first processing unit and assigned to a first node number; 

receiving, at the first processing unit, the first packet; 

modifying a first address of the first packet into a first modified address such that 
a quadrant identifier determined using a hash function and modulo division from the first 
modified address corresponds to the first node number assigned only to the selected 
firewall node; 
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selecting, from tlie firewall cluster within the single network, a second firewall 
node for processing a second packet, the second firewall node being assigned to a 
second node number; 

receiving, at a second processing unit associated with the second firewall node, 
the second packet, the second processing unit being different than the first processing 
unit; 

modifying, by the second processing unit, a second address of the second 
packet into a second modified address such that a quadrant identifier determined using 
a hash function and modulo division from the second modified address corresponds to 
the second node number assigned only to the second firewall node, wherein the second 
modified address of the second packet does not conflict with the first modified address 
of the first packet; 

forwarding the first packet based on the first modified address; and 
forwarding the second packet based on the second modified address. 



EXAMINER'S REASON FOR ALLOWANCE 

3. The following is an examiner's statement of reasons for allowance: Below are the 
underlined statement, for instance as per claim 10, none of the cited prior art discloses 
or suggests: 
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selecting, from tlie firewall cluster within the single network, one of the firewall 
nodes for processing a packet, the selected firewall node including a first processing 
unit; 

receiving, at the first processing unit, the packet; 

reading, at the first processing unit, an N-tuple address of the received packet; 

determining , by the first processing unit, whether the N-tuple address of the 
received packet is within an N-tuple space assigned to the first processing unit based 
on a Quadrant identifier and a firewall node number corresponding to the N-tuple space 
assigned to the first processing unit, wherein an N-tuple space assigned to each of the 
pluralitv of processing units is different, and wherein the Quadrant identifier is 
determined from the N-tuple address using a hash function and modulo division : 

sending the packet with the N-tuple address, when it is determined that the N- 
tuple address is within the N-tuple space assigned to the first processing unit; 

determining, when the N-tuple address of the received packet is not within the 
N-tuple space assigned to the first processing unit, a modified N-tuple address based 
on the N-tuple space assigned to the first processing unit , such that the modified 
N-tuple address does not conflict with addresses assigned by any of the other plurality 
of processing units; and 

sending the packet based on the modified N-tuple address. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
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accompany the issue fee. Sucli submissions sliould be clearly labeled "Comments on 
Statement of Reasons for Allowance." 



CONTACT INFORMATION 

Any Inquiry concerning this communication or earlier communications from the 
examiner should be directed to SAKET K. DAFTUAR whose telephone number is 
(571)272-8363. The examiner can normally be reached on 7:00 - 3:30pm M-W. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on 571-272-3964. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status Information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated Information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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